Data Protection and Privacy 2025

TAIWAN Law and Practice Contributed by: Che-Hung Chen, Doris Lu, Jakob Huang and Meng-Ying Lee, Chen & Lin Attorneys-at-Law

negligence, the Department of Transportation of Taipei City may revoke or cancel its operational licence.

1.5 AI Regulation

In Taiwan, the PDPA establishes a comprehensive legal framework governing the collection, processing and use of personal data. This framework is designed to capture a wide range of activities related to personal data, ensuring that regulations are applicable regardless of the specific methods employed or the distinct purposes for which the data is collected or used. The PDPA provides a general set of guidelines that can address the dynamic and evolving nature of data-related practices. In other words, data protection in the context of the use of AI systems also falls within the scope governed by the PDPA.

Taiwan’s government also acknowledges the rapid development of emerging technologies, such as AI, and the complex data-related challenges these innovations bring. As a result, the government is continuously revisiting and examining whether the current regulatory regime adequately covers all relevant new technologies. As such, in addition to the PDPA as the primary law of data protection, several draft regulations governing AI have been proposed and are presently under discussion, in which several requirements and mechanisms for extending the protection of personal data are outlined:

• data minimisation;
• data protection by design and by default;
• personal data de-identification; and
• providing personal data in a commonly used format.

1.6 Interplay Between AI and Data Protection Regulations

The interplay between data protection laws reflects a layered approach, where the PDPA serves as the overarching framework, providing general principles and rules for the processing of personal data. However, as new technologies and practices emerge, other laws and regulations tailored to specific sectors or issues – such as those governing AI – can impose additional requirements that complement, supplement or refine the general provisions of the PDPA. The new draft AI regulations introduce additional, specific data protection requirements that were not explicitly covered under the existing PDPA (ie, requirement of data minimisation, data protection by design and by default, de-identification and ensuring data portability).

The relationship between these evolving regulations and the PDPA highlights the dynamic nature of data protection laws, as regulators aim to address emerging challenges driven by technological advancements. Additionally, competent authorities, such as the Ministry of Digital Affairs, have issued guidelines for privacy-enhancing practices to help businesses navigate the use of new technologies while simultaneously ensuring robust data protection. To ensure comprehensive compliance, businesses will need to navigate both the existing PDPA framework and the new draft regulations, while staying prepared for future updates to the legal landscape.

2. Privacy Litigation

2.1 General Overview

Trends in Data Breach Litigation Related to Fraudsters Exploiting Leaked Personal Data

In Taiwan, cases of fraudsters exploiting leaked personal data to scam data subjects have
